[1999] in linux-security and linux-alert archive
[linux-security] Re: Qpop CERT advisory?
daemon@ATHENA.MIT.EDU (Edward Siewick)
Sat Jul 18 06:55:02 1998
From: esiewick@digipro.com (Edward Siewick)
To: linux-security@redhat.com
Date: Fri, 17 Jul 1998 18:05:38 -0400 (EDT)
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

>Originally it seemed only linux was affected. In the intervening weeks I've
>seen someone post a freeBSD version and yesterday one for SCO (although
>come to think of it that one may not have been qpopper, but whatever pop3
>SCO ships with).

Qpopper is derived from the Berkeley popper.
SCO v3.2r4.2 shipped with a pop3d;
SCO v3.2r5.0 ships with 'popper.' The CERT thing mentioned:

    Some SCO Operating systems are vulnerable. Patches are currently
    being developed and should be available soon.

We use qpopper on several Linux, SCO, Solaris and HP/UX servers; we just did
them all.

> What I can't believe is how long CERT advisories take to come out these
> days. If I would have waited until I got this one before I patched the one
> box I had that was affected I would have been hacked about 3 times.

I have to wonder about the CERT announcement timing policy. Anybody know
how they decide when to announce? At the least, there's a delay of days
while the vendors are contacted with respect to patches and such. Usually,
Sun has its act together; SCO is "looking into it" or "working on patches"
or some other sort of vague comment.

Edward Siewick
--
ESiewick@DigiPro.com DigiPro Digital Productions, LLC
Voice: 703-522-8465 3100 North Quincy Street
Fax: 703-522-8417 Arlington, Virginia 22207
--